Upgrade kustomize and use the set image command to patch the image name and version

deploy/kubernetes/base/controller.yaml

@@ -16,23 +16,23 @@ spec:
       serviceAccountName: csi-controller-sa
       containers:
         - name: csi-provisioner
-          image: MUSTPATCHWITHKUSTOMIZE
+          image: REPLACEME/csi-provisioner
           args:
             - "--v=5"
             - "--csi-address=/csi/csi.sock"
           volumeMounts:
             - name: socket-dir
               mountPath: /csi
         - name: csi-attacher
-          image: MUSTPATCHWITHKUSTOMIZE
+          image: REPLACEME/csi-attacher
           args:
             - "--v=5"
             - "--csi-address=/csi/csi.sock"
           volumeMounts:
             - name: socket-dir
               mountPath: /csi
         - name: gce-pd-driver
-          image: MUSTPATCHWITHKUSTOMIZE
+          image: REPLACEME/gcp-compute-persistent-disk-csi-driver
           args:
             - "--v=5"
             - "--endpoint=unix:/csi/csi.sock"
@@ -51,3 +51,5 @@ spec:
         - name: cloud-sa-volume
           secret:
             secretName: cloud-sa
+  # This is needed due to https://github.com/kubernetes-sigs/kustomize/issues/504
+  volumeClaimTemplates: []

deploy/kubernetes/base/node.yaml

@@ -15,7 +15,7 @@ spec:
       serviceAccountName: csi-node-sa
       containers:
         - name: csi-driver-registrar
-          image: MUSTPATCHWITHKUSTOMIZE
+          image: REPLACEME/csi-node-driver-registrar
           args:
             - "--v=5"
             - "--csi-address=/csi/csi.sock"
@@ -37,7 +37,7 @@ spec:
         - name: gce-pd-driver
           securityContext:
             privileged: true
-          image: MUSTPATCHWITHKUSTOMIZE
+          image: REPLACEME/gcp-compute-persistent-disk-csi-driver
           args:
             - "--v=5"
             - "--endpoint=unix:/csi/csi.sock"

deploy/kubernetes/base/setup-cluster.yaml

@@ -45,9 +45,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: external-provisioner-role
 rules:
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list"]
   - apiGroups: [""]
     resources: ["persistentvolumes"]
     verbs: ["get", "list", "watch", "create", "delete"]
@@ -60,12 +57,6 @@ rules:
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["list", "watch", "create", "update", "patch"]
-  - apiGroups: ["snapshot.storage.k8s.io"]
-    resources: ["volumesnapshots"]
-    verbs: ["get", "list"]
-  - apiGroups: ["snapshot.storage.k8s.io"]
-    resources: ["volumesnapshotcontents"]
-    verbs: ["get", "list"]
 
 ---
 
@@ -116,47 +107,3 @@ roleRef:
   kind: ClusterRole
   name: external-attacher-role
   apiGroup: rbac.authorization.k8s.io
-
----
-# xref: https://github.com/kubernetes-csi/external-snapshotter/blob/master/deploy/kubernetes/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: external-snapshotter-role
-rules:
-- apiGroups: ["snapshot.storage.k8s.io"]
-  resources: ["volumesnapshotclasses"]
-  verbs: ["get", "list", "watch"]
-- apiGroups: ["snapshot.storage.k8s.io"]
-  resources: ["volumesnapshotcontents"]
-  verbs: ["create", "get", "list", "watch", "update", "delete"]
-- apiGroups: ["snapshot.storage.k8s.io"]
-  resources: ["volumesnapshots"]
-  verbs: ["get", "list", "watch", "update"]
-- apiGroups: ["apiextensions.k8s.io"]
-  resources: ["customresourcedefinitions"]
-  verbs: ["create", "list", "watch", "delete"]
-- apiGroups: [""]
-  resources: ["events"]
-  verbs: ["list", "watch", "create", "update", "patch"]
-- apiGroups: ["storage.k8s.io"]
-  resources: ["storageclasses"]
-  verbs: ["watch", "get", "list"]
-- apiGroups: ["admissionregistration.k8s.io"]
-  resources: ["mutatingwebhookconfigurations"]
-  verbs: ["create"]
-
----
-
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: csi-controller-snapshotter-binding
-subjects:
-  - kind: ServiceAccount
-    name: csi-controller-sa
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: external-snapshotter-role
-  apiGroup: rbac.authorization.k8s.io

deploy/kubernetes/install-kustomize.sh

@@ -17,7 +17,7 @@ if [ ! -f "${KUSTOMIZE_PATH}" ]; then
 
   echo "Installing kustomize in ${KUSTOMIZE_PATH}"
   opsys=linux  # or darwin, or windows
-  curl -s https://api.github.com/repos/kubernetes-sigs/kustomize/releases/tags/v1.0.8 |\
+  curl -s https://api.github.com/repos/kubernetes-sigs/kustomize/releases/tags/v2.0.3 |\
     grep browser_download |\
     grep $opsys |\
     cut -d '"' -f 4 |\

deploy/kubernetes/overlays/alpha/WARNING.md

@@ -0,0 +1,3 @@
+WARNING: DO NOT USE THE ALPHA VERSION OF THE DRIVER FOR PRODUCTION
+
+Alpha features are unsupported and may be unstable and have breaking changes across releases.

deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml

@@ -0,0 +1,17 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: csi-gce-pd-controller
+spec:
+  template:
+    spec:
+      containers:
+        - name: csi-snapshotter
+          imagePullPolicy: Always
+          image: quay.io/k8scsi/csi-snapshotter:v1.0.1
+          args:
+            - "--v=5"
+            - "--csi-address=/csi/csi.sock"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi

deploy/kubernetes/overlays/alpha/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../stable
+patches:
+- controller_add_snapshotter.yaml
+patchesJson6902:
+- target:
+    group: rbac.authorization.k8s.io
+    version: v1
+    kind: ClusterRole
+    name: external-provisioner-role
+  path: rbac_add_snapshots_to_provisioner.yaml
+resources:
+- rbac_add_snapshotter.yaml

deploy/kubernetes/overlays/alpha/rbac_add_snapshots_to_provisioner.yaml

@@ -0,0 +1,16 @@
+# arrays without strategic patch merge defined need to be appended
+# using jsonpatch
+# https://github.com/kubernetes-sigs/kustomize/blob/master/examples/jsonpatch.md
+- op: add
+  path: /rules/-
+  value:
+    apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list"]
+
+- op: add
+  path: /rules/-
+  value:
+    apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["get", "list"]

deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml

@@ -0,0 +1,42 @@
+# xref: https://github.com/kubernetes-csi/external-snapshotter/blob/master/deploy/kubernetes/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: external-snapshotter-role
+rules:
+- apiGroups: ["snapshot.storage.k8s.io"]
+  resources: ["volumesnapshotclasses"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+  resources: ["volumesnapshotcontents"]
+  verbs: ["create", "get", "list", "watch", "update", "delete"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+  resources: ["volumesnapshots"]
+  verbs: ["get", "list", "watch", "update"]
+- apiGroups: ["apiextensions.k8s.io"]
+  resources: ["customresourcedefinitions"]
+  verbs: ["create", "list", "watch", "delete"]
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["list", "watch", "create", "update", "patch"]
+- apiGroups: ["storage.k8s.io"]
+  resources: ["storageclasses"]
+  verbs: ["watch", "get", "list"]
+- apiGroups: ["admissionregistration.k8s.io"]
+  resources: ["mutatingwebhookconfigurations"]
+  verbs: ["create"]
+
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-controller-snapshotter-binding
+subjects:
+  - kind: ServiceAccount
+    name: csi-controller-sa
+    namespace: default
+roleRef:
+  kind: ClusterRole
+  name: external-snapshotter-role
+  apiGroup: rbac.authorization.k8s.io

deploy/kubernetes/overlays/dev/controller_always_pull.yaml

@@ -0,0 +1,11 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: csi-gce-pd-controller
+spec:
+  template:
+    spec:
+      containers:
+        - name: gce-pd-driver
+          imagePullPolicy: Always
+

deploy/kubernetes/overlays/dev/kustomization.yaml

@@ -1,5 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 bases:
-- ../../base
+- ../alpha
 patches:
-- controller_images.yaml
-- node_images.yaml
+- controller_always_pull.yaml
+- node_always_pull.yaml
+images:
+# Replace this with your private image names and tags
+- name: REPLACEME/gcp-compute-persistent-disk-csi-driver
+  newName: gcr.io/REPLACEME/gcp-compute-persistent-disk-csi-driver
+  newTag: "latest"
+- name: REPLACEME/csi-provisioner
+  newName: gcr.io/gke-release/csi-provisioner
+  newTag: "v1.0.1-gke.0"
+- name: REPLACEME/csi-attacher
+  newName: gcr.io/gke-release/csi-attacher
+  newTag: "v1.0.1-gke.0"
+- name: REPLACEME/csi-node-driver-registrar
+  newName: gcr.io/gke-release/csi-node-driver-registrar
+  newTag: "v1.0.1-gke.0"

deploy/kubernetes/overlays/dev/node_images.yaml → deploy/kubernetes/overlays/dev/node_always_pull.yaml

@@ -8,6 +8,4 @@ spec:
       containers:
         - name: gce-pd-driver
           imagePullPolicy: Always
-          image: gcr.io/dyzz-csi-staging/csi/gce-pd-driver:latest
-        - name: csi-driver-registrar
-          image: gcr.io/gke-release/csi-node-driver-registrar:v1.0.1-gke.0
+

deploy/kubernetes/overlays/prow-gke-release-staging-head/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../../base
+images:
+- name: REPLACEME/gcp-compute-persistent-disk-csi-driver
+  newName: gcr.io/gke-release-staging/gcp-compute-persistent-disk-csi-driver
+  newTag: "latest"
+- name: REPLACEME/csi-provisioner
+  newName: gcr.io/gke-release-staging/csi-provisioner
+  newTag: "latest"
+- name: REPLACEME/csi-attacher
+  newName: gcr.io/gke-release-staging/csi-attacher
+  newTag: "latest"
+- name: REPLACEME/csi-node-driver-registrar
+  newName: gcr.io/gke-release-staging/csi-node-driver-registrar
+  newTag: "latest"

deploy/kubernetes/overlays/prow-gke-release-staging-rc/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../../base
+images:
+- name: REPLACEME/gcp-compute-persistent-disk-csi-driver
+  newName: gcr.io/gke-release-staging/gcp-compute-persistent-disk-csi-driver
+  newTag: "v0.4.0-gke.0"
+- name: REPLACEME/csi-provisioner
+  newName: gcr.io/gke-release-staging/csi-provisioner
+  newTag: "v1.0.1-gke.0"
+- name: REPLACEME/csi-attacher
+  newName: gcr.io/gke-release-staging/csi-attacher
+  newTag: "v1.0.1-gke.0"
+- name: REPLACEME/csi-node-driver-registrar
+  newName: gcr.io/gke-release-staging/csi-node-driver-registrar
+  newTag: "v1.0.1-gke.0"